Advanced code review using Code Analysis

Hello, I'm John Pocknell, Toad for Oracle product manager. And welcome to the series on enabling agile database development using Toad for Oracle. In this Step 7, we're going to talk about advanced code reviews using Toad's Code Analysis feature.
So why does code review matter? Well, even in development shops where coding standards may exist, often we find that they're rarely adopted across product teams, which then leads to inconsistencies. Typical manual peer-based code reviews are often subjective. They're very limited in scope, usually just looking at the readability of the code and some obvious facets of the code, and are therefore very inconsistent.
The process of creating new PL/SQL code and maintaining a legacy code often fails to leverage the latest advances in Oracle's PL/SQL language and structures, which can lead to code not fulfilling its true potential when it gets to production. Coding best practices can lead to poorly maintainable code in the future, and often, PL/SQL code can last for many years. Management doesn't get a good perspective of the overall code quality across a project until it comes back to the development team as unplanned rework as a result of a production issue. And finally, this is very important as we move toward agile and we start thinking about an automated process-- having effective code review process is even more important.
So now, let's get into a demo and walk you through how Code Analysis works. So here is my Toad UI. I'm in the editor and I've got a stored procedure open. And because I've already got Code Analysis set up, I'm using a particular rule set-- rule sets are containers that contain different rules. There is a rules universe in Toad with about 200 different rules. There are some predefined ones, which you can view from the dropdown, but equally, you can create your own rules based on your own coding standards and select rules from the rules universe.
Already in the editor, you can see, by way of these squiggly lines, the fact that I've got some coding violations, which means that the code in this window is not conforming to the standards that are set up in these rules. The other way to determine how good the code quality is is by running an analysis. So if I push this button here, Analyze Code In Current Editor Window, I'll get a report at the bottom which shows me details about all the various coding analysis violations, as well as coding analysis statistics-- including analysis like McCabe's Cyclomatic Complexity, Halstead Volume, Maintainability Index, and so forth. I get a CRUD matrix with details, showing which tables were involved.
So coming back to the coding violations in the editor, this is a way to show the developer where coding violations are happening. And they can then take corrective action in situ. So let's look at a couple of simple ones. If I mouse over here, this is one here-- rule 28, 29.
So here what's happening is the developer has declared a number subtype but they haven't specified a position. And that is inefficient because what Oracle will do, well it will assume it's 38 characters wide, which is a very big number. So to correct it, all I need to do is to specify a precision in here-- let's make it 20 characters wide-- and then you will see that coding violation is now gone.
If I come down to here, this coding violation here is a code correctness issue-- you can see in the hint there. And it's recommending that I use an ANSI standard join wherever possible. Now this is something you can do using code refactoring. So if I right click this WHERE clause, in the code refactoring down here-- Refactor-- I can change this Oracle join syntax to ANSI join syntax. So if a select this option, it will rewrite the WHERE clause there into one which uses an ANSI join syntax.
So that's a couple of advantages of Code Analysis, is it automatically checks the code according to the standards laid down in the particular rule set that's being used. And developers can see the issues, understand the issues, and make the necessary corrections. OK, the next thing you might want to do is to take a few of all of the code in the project, rather than one program at a time. And so what you can do for that is you can launch a dashboard, either by pushing this button-- Send To Code Analysis-- or by going to Database, Diagnose, Code Analysis.
Now I've actually got a dashboard already open here. It's already populated with stored procedures. You can select these either from here-- Load Objects-- or you can load files into here as well. These results can all be saved, either in an Oracle database-- so you can set up a schema into which to save these results-- or you can save them into Toad Intelligence Central.
So that's an introduction into how Code Analysis works. How do I start creating my own rules that I want to use on my project? So the first thing to do is come up to the toolbar here and select Edit Rule Sets. So Edit Rule Sets gives you visibility of all the rule sets that are currently in here and allows you to create rule sets from scratch and select the rules that you want into your rule set. Remember, rule set is simply a container that contains the rules that you want to use for your code reviews.
The ones that are supplied with Toad are not editable so they're preserved, and so you better create a new rule set using this button, and then you better select rules from the rules universe to use for your project. So I've got one here called Demo 1 where I've already got some rules, and I'm going to edit it and add some more rules.
So here's the Edit Rule Set button, I click that. Then you can see that here's my Demo 1 and I've got access now to all the rules. You can see some have already been selected and I'm going to select a few more. Click OK, just click Done, and I'm finished.
The other thing I'm going to do from here is I can provide access to this rule set by exporting it as a file and share that file with other developers. Or if I'm using Toad Intelligence Central as a central server for collaboration, then I can publish this modified rule set to Toad Intelligence Central and then people on the same project can all access that same rule set. Now this is important, because if you've got a group of developers all working on the same project, you want to make sure that they're all doing their code reviews to the same standards that you've set up here.
The other thing you might want to do is to edit the rules themselves. So I showed you how to create a new rule set, but if I click Edit Rules, I now get access to all of the rules that are in the rules universe. And if I just do a quick row count here, you can see how many of them are in here-- 194 different rules. Now the idea of this is that whilst we have a lot of different rules in here that will satisfy most eventualities when it comes to code review in PL/SQL code, there may be some variations that you want to apply-- which means that some of these may need to be modified.
So here's an example. If I select this rule here-- 28, 27-- this is the code correctness rule and it's looking at the use of some of these specific data types-- char, nchar, varchar, so forth. Now it might well be, in your organization, that you never use nvarchar2 or nchar, and so there's no point in having them in here and you might want to remove them. And so what you need to do is edit this particular rule.
So having selected the rule, I then come up to the toolbar here and say Edit Selected Rule and I'm shown the Code Analysis Rule Builder. So this is a Rule Builder for rule 28, 27. There's the description-- you can modify that-- and here's what's called an XPath expression. So Code Analysis uses XPath to define how the rules work inside of Toad. And you can take this XPath expression and modify it.
If you're feeling really brave, what you could do is create new rules from scratch. So when you create a new rule, you're exposed to a brand new Code Analysis Rule Builder, and all the rules start from 7,000. So these will be saved in a completely separate area away from the main rules universe and you can you share these in exactly the same way as the ones that are supplied by Toad. So that's an overview of how to automate your code reviews using Code Analysis. Thanks for listening.